[SRU][J][PATCH 0/1] CVE-2024-40915
Bethany Jamison
bethany.jamison at canonical.com
Mon Sep 16 19:29:00 UTC 2024
[Impact]
riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context
__kernel_map_pages() is a debug function which clears the valid bit in page
table entry for deallocated pages to detect illegal memory accesses to
freed pages.
This function sets/clears the valid bit using __set_memory(). __set_memory()
acquires init_mm's semaphore, and this operation may sleep. This is
problematic, because __kernel_map_pages() can be called in atomic context,
where it is illegal to sleep.
Rewrite this function with apply_to_existing_page_range(). It is fine to
not have any locking, because __kernel_map_pages() works with pages being
allocated/deallocated and those pages are not changed by anyone else in the
meantime.
[Fix]
Noble: released
Jammy: Clean cherry-pick
Focal: not-affected
Bionic: not-affected
Xenial: not-affected
Trusty: not-affected
[Test Case]
Compile tested.
[Where problems could occur]
This fix affects those who use pages with riscv; an issue with this fix
would be visible to the user as unpredictable system behavior or a system
crash.
Nam Cao (1):
riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context
arch/riscv/mm/pageattr.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
--
2.34.1
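As an added illustration (not the kernel's code and not part of this patch), a userspace model in C of the mechanism the commit message describes: a per-PTE callback driven only over page table entries that already exist, clearing the valid bit for a range of freed pages and restoring it on allocation, with no lock taken. The page table layout, bit values and helper names (kernel_map_pages, kernel_page_valid, init_model_pagetable) are this model's own assumptions, not riscv's real definitions.

```c
#include <stdint.h>
#define PAGE_SHIFT   12
#define PAGE_SIZE    (1UL << PAGE_SHIFT)
#define NR_PTES      16       /* model: a 16-page kernel mapping */
#define PAGE_PRESENT 0x1UL    /* stands in for riscv _PAGE_PRESENT */

typedef uint64_t pte_t;
typedef int (*pte_fn_t)(pte_t *pte, unsigned long addr, void *data);
static pte_t kernel_ptes[NR_PTES];   /* model table: PFN << 10 | bits, 0 = no PTE */
/* Model of apply_to_existing_page_range(): fn on every PTE that already exists
 * in [addr, addr + size); never allocates a table and takes no lock. */
static int apply_to_existing_page_range(unsigned long addr, unsigned long size,
                                        pte_fn_t fn, void *data)
{
    for (unsigned long a = addr; a < addr + size; a += PAGE_SIZE) {
        unsigned long idx = a >> PAGE_SHIFT;
        if (idx >= NR_PTES || kernel_ptes[idx] == 0)
            continue;                    /* no existing PTE here: skip it */
        if (fn(&kernel_ptes[idx], a, data))
            return -1;
    }
    return 0;
}

/* Per-PTE worker: set (data -> nonzero) or clear the valid bit in place. */
static int debug_pagealloc_set_page(pte_t *pte, unsigned long addr, void *data)
{
    (void)addr;
    *pte = *(int *)data ? (*pte | PAGE_PRESENT) : (*pte & ~PAGE_PRESENT);
    return 0;
}

/* Model of the rewritten __kernel_map_pages(): enable = 0 invalidates numpages
 * pages from page number 'page' on free, enable = 1 re-validates them on alloc. */
void kernel_map_pages(unsigned long page, int numpages, int enable)
{
    apply_to_existing_page_range(page << PAGE_SHIFT, (unsigned long)numpages * PAGE_SIZE,
                                 debug_pagealloc_set_page, &enable);
}
/* What the MMU would check on access: 1 if the page is still valid. */
int kernel_page_valid(unsigned long page)
{
    return page < NR_PTES && (kernel_ptes[page] & PAGE_PRESENT) != 0;
}
void init_model_pagetable(void)       /* all NR_PTES pages mapped and valid */
{
    for (unsigned long i = 0; i < NR_PTES; i++)
        kernel_ptes[i] = ((pte_t)i << 10) | PAGE_PRESENT;
}
```

An access to a page whose valid bit has been cleared would fault in the real kernel; here kernel_page_valid() stands in for that check.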